Submitting Samples

These samples will be ingested by an automated system that'll unzip anything that's zipped (please use the password "infected" or "virus"; otherwise it'll be shunted out to a human). They are then brought into the sandnet's incoming queue after some normalization and deduplication.

Samples are analyzed by our sandnet and the results are fed to our volunteer analysts. These analysts check that appropriate Snort and Suricata signatures hit for the infection and CnC activity of each sample. If the sample was undetected, we get the rules written and out to the ruleset ASAP!

If you run Nepenthes (http://nepenthes.mwcollect.org/) you can set it up to automatically submit captured samples to us. Normally Nepenthes will drop all of your captured binaries in a directory. Here's a simple script to zip and password-protect those and send them on to us for analysis:
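
An added example of such a script, not the project's original: it zips new captures with the password "infected" and records what has been packaged so nothing is sent twice. The directory argument, state file and archive name are assumptions, and the delivery step is left out because this page does not give the submission address.

```shell
#!/bin/sh
# Added example: batch Nepenthes captures into a password-protected zip.
# Assumptions: directory, state file and archive names are hypothetical;
# "infected" is one of the two passwords the page asks for.
ZIP_PASSWORD="infected"

# Print captures in directory $1 that are not yet listed in state file $2.
# A capture's file name is used as its identity (assumption).
pending_samples() {
    dir=$1; state=$2
    [ -f "$state" ] || : > "$state"
    find "$dir" -maxdepth 1 -type f | sort | while IFS= read -r f; do
        # Skip zero-byte files and anything already packaged.
        if [ -s "$f" ] && ! grep -qxF "$(basename "$f")" "$state"; then
            printf '%s\n' "$f"
        fi
    done
}

# Zip pending captures from $1 into archive $3 and record them in $2.
# Returns 0 on success, 1 when nothing is new, 2 on error.
package_samples() {
    dir=$1; state=$2; archive=$3
    list=$(mktemp) || return 2
    pending_samples "$dir" "$state" > "$list"
    if [ ! -s "$list" ]; then rm -f "$list"; return 1; fi
    # -j stores bare file names; -@ reads the file list from stdin.
    if zip -q -j -P "$ZIP_PASSWORD" "$archive" -@ < "$list"; then
        while IFS= read -r f; do basename "$f"; done < "$list" >> "$state"
        rm -f "$list"; return 0
    fi
    rm -f "$list"; return 2
}

# Runs only when a captures directory is given:
#   sh package_samples.sh <binaries-dir> [state-file]
if [ "$#" -ge 1 ]; then
    out="samples-$(date +%Y%m%d%H%M%S).zip"
    if package_samples "$1" "${2:-$HOME/.nepenthes-submitted}" "$out"; then
        # Delivery is not shown: send $out through the submission channel.
        echo "ready to submit: $out"
    fi
fi
```

Keep the state file and the output archive outside the captures directory so they are not picked up as samples on the next run.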